Interesting, thanks. Sounds like APIKey is a pre-defined parameter known to both server and client and used to validate the request on the server-side. Most likely ClientTag serves as APIKey. However, this approach does not seem to be secure as APIKey / ClientTag could be intercepted very easily (but anyway it's better than nothing). So that's why I asked about ClientTag purpose and scenarios to use it.